kraaakilo

cybersecurity · OCTOBER 19, 2025

My Security Machine Build


My personal Ansible automation for pentesting environments


Why I Built This

After spending way too many hours manually setting up my hacking machines every time I got a fresh Kali install, I decided enough was enough. I wanted something that could take a vanilla system and turn it into my perfect pentesting environment with a single command.

That's how this Ansible setup was born. One make setup and I'm ready to hack.


What This Actually Does

My Ansible playbook handles everything I need for security work.

For system basics, it sets my timezone to Porto-Novo since that's where I'm based, configures my French keyboard layout, and sets up passwordless sudo because life's too short for typing passwords constantly :).

The essential tools part covers all the classics like Ghidra, Gobuster, and Bettercap, plus tons more. I've also included Go security tools like Nuclei, Subfinder, HTTPx, and Naabu, though they're disabled by default. There are also custom scripts that actually make my life easier.

My workflow setup is where it gets personal. Neovim gets configured exactly how I like it, Tmux comes with my custom config, and the Python environment is set up with pyenv. All my dotfiles can either be copied or symlinked for Git tracking.

The bonus features include MATE desktop tweaks for Parrot OS, appearance customizations, a host management script for CTF challenges, and my personal hacking lab manager that lives in .bin/ and I use daily.


The Smart Stuff

The coolest part? I've built in some automation that actually thinks.

There's my personal lab command, powered by a Python script in .bin/hacking/, that manages my training workflow. Running lab ctf creates organized CTF challenge directories with proper categories, while lab box sets up directories for HTB/THM machines. It automatically slugifies names, handles existing projects, and jumps straight to the working directory when done.

The host-entry script manages my /etc/hosts file for CTF challenges. It backs up my original hosts file automatically, adds CTF entries in a clean marked section, and lets me easily clean up when I'm done. No more manually editing hosts files for every challenge.
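The marked-section approach described above, sketched in Python as an added example (this is not the author's host-entry script; the marker strings, the .orig backup name and the function names are assumptions). It validates the IP and hostname before writing, so a challenge name cannot smuggle extra lines into the file, and it takes the file path as a parameter so it can be tried on a copy first.

```python
import ipaddress, os, re, shutil, tempfile

BEGIN, END = "# >>> ctf-hosts >>>", "# <<< ctf-hosts <<<"  # assumed marker text
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*", re.I)

def _split(text):
    """Return (lines outside the marked section, entries inside it)."""
    outside, inside, in_block = [], [], False
    for line in text.splitlines():
        if line.strip() == BEGIN:
            in_block = True
        elif line.strip() == END:
            in_block = False
        elif in_block:
            inside.append(line)
        else:
            outside.append(line)
    return outside, inside

def _write(path, outside, inside):
    """Back up the original once, then replace the file atomically."""
    backup = path + ".orig"  # assumed backup name
    if not os.path.exists(backup):
        shutil.copy2(path, backup)
    body = outside + ([BEGIN, *inside, END] if inside else [])
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(body) + "\n")
    shutil.copymode(path, tmp)  # keep the original permissions
    os.replace(tmp, path)

def add_entry(path, hostname, ip):
    """Add or update one mapping inside the marked section."""
    ip = str(ipaddress.ip_address(ip))  # raises ValueError on anything but an IP
    if len(hostname) > 253 or not HOSTNAME.fullmatch(hostname):
        raise ValueError(f"invalid hostname: {hostname!r}")
    host = hostname.lower()
    with open(path) as fh:
        outside, inside = _split(fh.read())
    # Drop any earlier mapping for this host so re-adding is idempotent.
    inside = [l for l in inside if l.split()[1:2] != [host]]
    inside.append(f"{ip}\t{host}")
    _write(path, outside, inside)

def clean(path):  # remove the marked section, leave everything else untouched
    with open(path) as fh:
        outside, _ = _split(fh.read())
    _write(path, outside, [])
```
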

For workspace organization, the create-structure script builds out a proper workspace with dedicated directories for real client work, internal testing, HTB and VulnHub boxes, lab environments, CTF challenges, compiled tools, custom scripts, VPN configs, SSH keys, reports, wordlists, and archived projects.

work/
├── pentests/
│   ├── clients/          # Real client work
│   └── internal/         # Internal testing
├── training/
│   ├── boxes/           # HTB, VulnHub boxes
│   ├── labs/            # Lab environments  
│   └── challenges/      # CTF challenges
├── tools/
│   ├── built/           # Compiled tools
│   ├── custom/          # My custom scripts
│   └── utils/           # Random utilities
├── configs/
│   ├── vpn/             # VPN configs
│   ├── ssh/             # SSH keys and configs
│   └── clipboard/       # Clipboard tools
├── reports/             # All my reports
├── wordlists/           # Security wordlists
└── archive/             # Old stuff

How to Use It

Dead simple. Clone the repo, change into the directory, and run make setup. The Makefile gives you everything you need: make setup for full installation, make create-structure to build workspace directories, make check to validate before running, and make install-ansible to get Ansible if you don't have it.


Platform Support

Kali Linux works perfectly and this is where I do most of my testing. Parrot OS is functional but their main repos have some outdated packages that can cause issues. Other Debian distributions might work, but I haven't tested extensively.


The Technical Bits

The whole thing is organized into Ansible roles:

roles/
├── system/        # Base config (timezone, keyboard, scripts)
├── tools/         # APT packages and terminal tools
├── gotools/       # Go security tools (optional)
├── nvim/          # Neovim setup
├── tmux/          # Terminal multiplexer
├── appearance/    # Visual tweaks
├── mate/          # MATE desktop (Parrot)
└── dotfiles/      # Config file management

Each role handles a specific part of the setup, so you can pick and choose what you want.


Why This Works Everywhere

I still use VMs for most of my work, but this Ansible setup works anywhere. Whether it's VMs, physical machines, or cloud instances, the setup maintains consistency every time with no human error. From fresh install to fully configured takes under 10 minutes, and one playbook works across different deployment scenarios.


Real-World Usage

Here's how I actually use this day-to-day:

  1. Fresh Kali install → make setup → grab coffee
  2. New CTF challenge → lab ctf → picks category, creates directory, jumps there
  3. New HTB machine → lab box → organized box directory ready
  4. Need to add a CTF host → sudo host-entry add ctf.example.com 10.10.10.10
  5. Done with CTF → clean up hosts entries with the script

The lab command is probably what I use most. It gets deployed with my dotfiles (the .bin directory gets copied to ~/.bin) and integrated into my shell via .triplea.zsh. No more manually creating directories or figuring out where I put that challenge from last week.

It's Infrastructure as Code, but actually practical for security work.


This setup has saved me countless hours of manual configuration. If anyone else is tired of rebuilding their hacking environment from scratch every time, give it a shot. The code's on GitHub and it's ready to use.
